Categories Top Downloads
Login Register Upload

Ixia's Cyber Range Training Program

January 11, 2017 | Author: Ixia | Category: N/A
Share Embed Donate
Report this link


Short Description

Download Ixia's Cyber Range Training Program...

Description

Cyber Range Training Services

Table of Contents Train Like You Fight...................................................................................... 2 The Global Cyber Range Imperative............................................................. 3 Why Traditional Approaches Have Failed..................................................... 3 A Pragmatic Strategy for Arming and Training Elite Cyber Warriors.......... 3 Training Next-Generation Cyber Warriors with Advanced Cyber Range Training.............................................................................................. 4 Real-World Cyber Ranges............................................................................. 5 Ixia’s BreakingPoint Cyber Ranges.............................................................. 6 Cyber Range Targets.................................................................................... 6 Service Operations Module.......................................................................... 7 Service Defensive Operations Module......................................................... 7 Cyber Range Simulation Learning Module................................................... 7 Cyber Range Training................................................................................... 8

II

1

Cyber Range Training Services

Train Like You Fight Organizations worldwide face a dangerous shortage of Cyber Warriors with the skills required to defend against cyber terrorism. This urgent situation is made worse by the weaknesses and vulnerabilities that continue to pervade critical IT infrastructures — despite billions of dollars invested in cyber security measures. Addressing these problems requires Internet-scale simulation environments, along with a comprehensive training curriculum and proven methodologies, to develop elite Cyber Warriors and simulate attacks on IT infrastructures. Military commanders, defense contractors, and even commercial analysts such as Gartner refer to these environments as “Cyber Ranges.” Although Cyber Ranges are a necessity for training Cyber Warriors, in recent years the old approach to building them has been exposed as a costly and futile exercise. Flagship Cyber Range projects relying on that outmoded approach

Cyber Range Training Services

have wasted years and hundreds of millions of dollars merely to study the problem.

The Global Cyber Range Imperative

Yet Ixia BreakingPoint has harnessed patented network processor technology to deliver a better approach — one that creates an Internet-scale Cyber Range environment from a single 7-inch-high device. This breakthrough invention removes the obstacles that once prevented the widespread deployment of Cyber Ranges for arming and training Cyber Warriors.

Those who do not remember the lessons of the past are doomed to repeat them. Yet today the same complacency that has led to catastrophic losses so many times is placing the world’s leading nations at risk, this time in the fifth battle space—the cyber domain. Without urgent action and investment to harden the resiliency of national cyber defenses, the impacts of cyber attacks will continue to multiply.

Leveraging its Cyber Range experience, Ixia has formulated a strategy for preparing organizations to defend their interests by assessing, educating, and training elite Cyber Warriors and equipping them to harden the resiliency of critical network and data center infrastructures.

Just as every military and police force needs a firing range to hone weapons skills and battle tactics, every Cyber Warrior needs access to a Cyber Range. Only with an Internet-scale, operationally-relevant, and ever-current Cyber Range can organizations produce the empiricallyvalid war-gaming scenarios necessary to develop IT staff skills and instincts for offensive and defensive action. Similarly, the only way to understand the resiliency of IT infrastructures is to assault every element within them using the high-stress, real-world conditions created in the controlled environment of a Cyber Range.

Why Traditional Approaches Have Failed Unfortunately, the enormity of today’s cyber security crisis has outstripped the unmanageable, inefficient approach of traditional Cyber Range models. At one organization, leaders were struggling to scale to the performance necessary to replicate a realistic environment. The organization had followed the old Cyber Range model to build out a lab filled with hundreds of servers cabled together to simulate the load of 15,000 users — with limited application coverage. Its mission, however, required 250,000 users to exercise target devices across the full complement of today’s applications.

2

The traditional Cyber Range model involves massive investments in hardware, software licenses, electricity, and real estate. It also requires dozens of skilled professionals to set up, configure, integrate, and maintain. It then requires dozens more network and security professionals with the knowledge to continually research and create an evolving mix of sophisticated attacks. Rather than use cost-effective, adaptive, and scalable technology that is now readily available, too many organizations and government agencies have answered the Cyber Range challenge by throwing money, outmoded hardware, and expensive consultants at it. That approach is destined to fail, however, because it will never keep pace with the rapid evolution of cyber threats.

A Pragmatic Strategy for Arming and Training Elite Cyber Warriors Drawing on its years of experience in delivering breakthrough Cyber Range innovations to military organizations and global enterprises, Ixia has developed a pragmatic and sustainable strategy for arming organizations to assess, educate, and certify a national force of Cyber Warriors to carry out information assurance (IA), information operations (IO), and mission assurance (MA) duties. The same innovative technology and scalable approach used for training Cyber Warriors can be leveraged to assess and harden IT infrastructure resiliency.

3

Cyber Range Training Services

Training Next-Generation Cyber Warriors with Advanced Cyber Range Training Organizations and government agencies have answered the cyber defense challenge by arming their networks with firewalls, intrusion prevention systems (IPSs), and other defenses. Though this satisfies a rudimentary network security checklist, this approach on its own has no hope of keeping pace with the rapid evolution and scale of cyber threats, and is destined to fail. Effective cyber security is the product of melding trained people, or Cyber Warriors, and automated systems into a unified defense. Ixia’s Cyber Range Training delivers structured training and war-gaming exercises to prepare Cyber Warriors at both public and private organizations to defend their critical infrastructures, enterprises, and communications networks. With a comprehensive Cyber Warrior curriculum, commanders, government officials, and CIOs can educate and train their personnel through a wide range of exercises at increasing levels of difficulty to evaluate expertise and certify capabilities. Our training includes both pre-built and customized war game scenarios to ensure the highest security for your particular network.

Cyber Range Training Services

Our Cyber Range Training leverages Ixia BreakingPoint™ Actionable Security Intelligence (ASI) to generate realistic application traffic and exploits, using pre-configured and custom Internet and target simulations. During training, we will generate the following traffic and simulations to create an Internet-scale Cyber Range environment: •

Realistic target simulations



Realistic exploit simulations



Realistic evasion simulations



Realistic traffic simulation ƒƒ

Internet IPv4 and IPv6 infrastructure

ƒƒ

Enterprise and IT services

ƒƒ

Population and country user base

ƒƒ

Data of interest or “needle in a haystack” for data loss prevention (DLP)

ƒƒ

Mobile subscriber user base

Real-World Cyber Ranges A true Cyber Range environment allows Cyber Warriors to conduct offensive operations against enemy targets connected to networks, and defensive operations to protect critical infrastructure components connected to networks. We implement a Cyber Range environment with multiple components, including computer servers, computer clients, routers, and switches that simulate your real infrastructure components and targets. While many Cyber Ranges are hardware intensive, requiring hundreds of servers and clients, we implement a more cost-effective virtual environment.

Our Cyber Range training was developed with an emphasis on real-world operations and self-enabling. The training objective is to instruct students on how to conduct offensive and defensive operations, taking into account personnel roles and responsibilities in a Cyber Range environment. Learning modules cover offensive operations, including attack and exploit vectors and target simulations, defensive operations from a network/security operations centers (NOC/SOC) perspective, and lab exercises.

Image Source: US Air Force

4

5

Ixia’s BreakingPoint Cyber Ranges

Ixia’s BreakingPoint Cyber Ranges

Ixia’s BreakingPoint Cyber Ranges

Cyber Range Targets

Service Operations Module

Ixia BreakingPoint-based Cyber Ranges provide an environment that allows Cyber Warriors to:

To simulate theater operations, Ixia developed a realistic set of targets for multiple geographical areas of responsibilities (AOR). Ixia’s Cyber Range targets map to the following geographical AORs:





Asia Pacific targets

The Service Operations Module leverages Ixia BreakingPoint ASI platforms using pre-configured or custom simulations that target private and public infrastructure components and assets. During the lab exercises students will generate target traffic using the following simulations:



North America targets



Europe targets

Conduct cyberspace operations to ensure freedom of action in cyberspace, while denying the same to adversaries



Simulate critical infrastructure components, including computer servers and clients



Simulate and conduct offensive operations against enemy targets



Simulate and conduct defensive operations to protect critical infrastructure components.

To simulate real-world operations, the training will leverage available real-world security and network infrastructures to simulate the day-to-day operations that are conducted at data centers, NOCs, and SOCs. Possible infrastructure components include application-level firewalls, intrusion detection systems (IDS), intrusion protection systems (IPS), SYSLOG servers, DLP appliances, routers, switches, network management systems, and application servers. Possible application servers include mail servers, web servers, database servers, and voice servers.



High-level operational concept graphic



Country of Interest Traffic



Operational node description



Country of Interest Targets



Operational information exchange matrix



Organizational relationship chart



Operational activity model

This will cover real-world traffic scenarios, to include: •

Application traffic simulations with mixes of different protocols



Reconnaissance activities



Denial of Service (DoS) attacks, including:



Service Defensive Operations Module

ƒƒ

IP layer

ƒƒ

Transport layer

The Service Defensive Operations Module includes an overview of the day-to-day activities that are performed at data centers, NOCs, and SOCs. The student will learn how to use operational activity models and operational information exchange matrixes in support of defensive operations. The module also covers how incident response teams (IRT) react to network and security events. During the operations lab exercises, students will perform the following exercises:

ƒƒ

Application layer

ƒƒ

IP layer

ƒƒ

Transport layer

ƒƒ

Application layer

Distributed Denial of Service (DDoS) attacks, including:



Monitor enterprise traffic



Worm exploits



Monitor network devices



Application exploits



Monitor security devices



Common Vulnerabilities and Exposures exploits



Respond to network and security events



Malware



Reconfigure network and security devices

Note: This list will be customized for each customer, based on need. The service operations module instructs students on how to develop attack vectors with multiple evasion techniques. During the attack and exploit lab exercises, students will perform the following exercises targeting multiple infrastructure components:

6

Successful operations require collaboration and information exchanges between operational nodes and their personnel. The training leverages multiple frameworks to capture the information exchanges and operational activities at operation centers. Ixia’s Cyber Range Training shows students how to develop the following operational views to support their enterprise operations:



Generate realistic security exploits



Generate fuzzing traffic with invalid and malformed data



Generate evasions to bypass security countermeasures

Cyber Range Simulation Learning Module Ixia Cyber Ranges simulate millions of users and thousands of servers and clients with over 245 application protocols, transport protocols, and network protocols. Our Cyber Range Simulation Learning Module leverages Ixia BreakingPoint ASI platforms to simulate critical infrastructure components that can represent anything from financial, utilities, telecommunications, and industrial computer servers to military weapon systems.

7

Cyber Range Training

Cyber Range Training

Cyber Range Training Course Code 985-2503 - 3 days

985-2504 - 5 days, includes all of 9852503, and an additional 2 days of hands-on Operational Scenarios, described below

Level: Advanced Prerequisites: Students should have a good understanding of TCP/IP and traffic flows. In addition, students may be working with routers, switches, firewalls, and IDS/ IPS devices, and security information event management (SIEM), so should have a working knowledge of these products. Students will take on roles of managing the network and security devices during the class, so should have an understanding of these roles. Synopsis: This course will give students an understanding of offensive and defensive cyber security methods. Students will gain knowledge and skills in reacting to a myriad of cyber security and application traffic flows. Students will be put through Operational Scenarios that include malicious and non-malicious traffic in a safe, secure environment.



Upon successful completion, students will be able to: •

Determine best practices for defensive cyber security mechanisms



Build a Cyber Range to use as a continual learning tool



Understand cyber security attacks and how they affect network and security devices



Configure the Ixia BreakingPoint system to run application and security traffic





Create Operational Scenarios

Day 1: •

Cyber Range Fundamentals ƒƒ



Network Neighborhood ƒƒ

8

Overview of a Cyber Range and different environments that include Cyber Range Security Operations Center, Cyber Range penetration testing tools, and Cyber Range integrated with a Learning Management System (LMS) Overview of Network Neighborhood and how to model operational environments

ƒƒ

Session Sender test component configuration

ƒƒ

DNS based attacks

ƒƒ

Labs to setup country- and region-specific Network Neighborhoods

ƒƒ

Session Sender test phases

ƒƒ

HTTP fragmentation attacks

ƒƒ

What constitutes a session

ƒƒ

Excessive Verb (POST)

ƒƒ

Labs to create Session Sender test scenarios

ƒƒ

Excessive Verb (GET)

Super Flows Describe what flows, Super Flows, and Application Profiles are and how to build them Super Flow test cases to describe different protocols and how they can be used to build specific application traffic Labs to build Super Flow traffic, as well as putting the Super Flows into an Application Profile

Day 2:







Labs to learn how to setup basic Network Neighborhoods

ƒƒ

Objectives:



ƒƒ

ƒƒ



Day 4:

Setting up different Network Neighborhoods to include switch, router, and core (virtual) router environments

ƒƒ



Day 3:

ƒƒ







Session Sender

Stack Scrambler ƒƒ

Stack Scrambler test component configuration

ƒƒ

Header fields that can be modified

ƒƒ

Labs to create Stack Scrambler traffic flows

Reconnaissance Activities ƒƒ

PING sweeps

ƒƒ

Port scans

IP Layer Attacks

Spend additional time designing customer specific scenarios using techniques learned during the week



Run through those scenarios with a qualified Cyber Range Instructor available as a guide and mentor

Overview of Client Simulator test component

ƒƒ

Adding Super Flows to Client Simulator scenarios

ƒƒ

UDP flood

ƒƒ

Labs to create and run Client Simulator Super Flows previously created

ƒƒ

UDP flood with fragments

ƒƒ

UDP flood from different clients to different targets

Transport Layer Attacks

ƒƒ

Overview of Application Simulator test component

ƒƒ

TCP SYN flood

ƒƒ

Adding Application Profiles to Client Simulator scenarios

ƒƒ

TCP SYN ACK flood

ƒƒ

Labs to create and run Application Simulator using different Application Profiles

ƒƒ

TCP PUSH flood

ƒƒ

TCP Session attack (all of these can be done multiple times with different Evasion profiles)

ƒƒ

Strike List overview

ƒƒ

Strike List terms

ƒƒ

Default Strike Lists

ƒƒ

Fuzzers

ƒƒ

Labs to configure Strike Lists



Day 5:



ƒƒ

Vulnerability detection and reporting

Run a mix of over 6000 pieces of CVE attacks

ICMP flood from different clients to different targets

ƒƒ

ƒƒ

ƒƒ

Practice those skills using the equipment that has been gathered for the customer’s specific requirements

ƒƒ

Strike Lists

CVE attacks



ƒƒ

Application Simulator



Run a mix of the over 35,000 pieces of live malware in different combinations depending on the targets

ICMP flood with fragments

ICMP flood



ƒƒ

Review the skills learned throughout the first four days of class

ƒƒ

Client Simulator

Malware



Critical Infrastructure Servers Building simulated critical infrastructure servers and the traffic being generated



Application Layer Attacks

Cyber Range Training is offered at Ixia’s Cyber Defense AcademyTM or on-site at your location.

Introduction to Application Layer Attacks, Malware and CVE Attacks

Security ƒƒ

Security test component configuration

ƒƒ

Adding Strike Lists to Security scenarios

ƒƒ

Evasion Profiles

ƒƒ

Labs to configure Security test scenarios

9

Contact Ixia Today Ixia Worldwide Headquarters 26601 Agoura Rd. Calabasas, CA 91302 (Toll Free North America) 1.877.367.4942 (Outside North America) +1.818.871.1800 Fax 818.871.1805 www.ixiacom.com

915-4036-01 Rev. A, May 2014

Ixia European Headquarters Ixia Technologies Europe Ltd Clarion House, Norreys Drive Maidenhead SL6 4FL United Kingdom Sales +44 1628 408750 Fax +44 1628 639916

Ixia Asia Pacific Headquarters 21 Serangoon North Avenue 5 #04-01 Singapore 554864 Sales +65.6332.0125 Fax +65.6332.0127

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF